On Tue 25 Sep 2007 20:57:48 NZST +1200, Christopher Sawtell wrote: > If you look in the file /etc/ca-certificates.conf you will see the > names of all the Cert Authorities which your browser will recognise.
> cat /etc/ca-certificates.conf cat: /etc/ca-certificates.conf: No such file or directory > Adding a certificate yourself is not exactly mind-boggling science. Browser: Settings->crypto config->yadda->import There are 2 major problems with this: 1) My $RELATIVE would be able to do it with a bit of talking. They would however not be able to assess and understand the security implications of this. 2) Every single user of my website will have to do it. This is a k.o. for ecommerce and many other sites. > imho, this whole CA lark is just that. A lark to wrought money out of > the ignorant and innocent. Ack, the certificate mafia holding everyone at gunpoint. They do provide a necessary service (it solves 2) above), but not at a price remotely proportionate to the cost of providing it. > of money! I really do not know any of them, so why should I trust > them for even a moment to say that some A. N. Other is trustworthy? Their promises as to a 3rd party identity may not be worth much, but epsilon divided by 0 is still infinitely more than 0 ... :) There are 2 different cases we need to keep distinguishing here: I set up a website for a limited target audience each member of which I can personally provide with a certificate. Nothing will beat my self-made self-signed certificate. The other is where there can not be a personal relationship between 2 parties, hence the delegation of trust to a trust network. Coming back to CAcert, I'm afraid their website doesn't inspire me with more confidence than a cert issued by Verislime&Co(TM), their idea is good though, although the current state of affairs is not much better with using a CAcert instead of a seld-made one, AFAICT. The previously referenced Mozilla bug is donkeys years old and the CAcert CA still isn't in Mozilla. Volker Thanks for the humour bit. ;) -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me.
